Here, we tired to extract the contents of the compressed file to find that it is password protected. We used the wget command to download the backups.zip file to our local machine. This also serves as the answer to the question. So, we modified our dirb command to search for php, png and zip files inside the backups directory. If we browse it directly, there is a chance that we might not able to see anything unless Directory Listing is enabled (It isn’t). This led us straight to the backups directory. Moving on, we perform a Directory Bruteforce using dirb to enumerate further.
#TRYHACKME BURP SUITE WALKTHROUGH CODE#
We checked the source code too if something is commented but no the file was completely empty. Let’s see what’s inside this directory that the author wants to hide from us. We know from nmap that there is a robots.txt file on the server. Then came the SSH service on port 1337, which we don’t have credentials for yet.Īs we have the HTTP Service Running, it is a good thing to check out the webpage that is hosted using a Web Browser. We will also see the entry inside the robots.txt that nmap crawled. Next, we had the HTTP Service on port 80, which we will take a look at. It gave us the FTP service on port 21 but unfortunately, we don’t have a set of credentials to access the machine and Anonymous Login is Disabled. The Nmap Scan gives us some services to enumerate. We will start with a nmap scan with -sC for Default Scripts and -sV for Scanning Versions. Task 1 is a YouTube link to watch a fun video. There are a total of 4 Tasks with 3 Questions in Task 2, 5 Questions in Task 3, 2 Question in Task 4 that we are supposed to answer. This room has some specified tasks that we need to fulfil to complete the Machine. We will start with booting up the machine from the TryHackMe: Mnemonic Page, we will be provided with a Target IP Address. Enumerating Source Code of Python Script.Cracking SSH Password using John the Ripper.Cracking ZIP Password using John the Ripper.Level: Medium Penetration Testing Methodology
#TRYHACKME BURP SUITE WALKTHROUGH HOW TO#
Let’s get started and learn how to break it down successfully. The credit for making this lab goes to villwocki. This lab is of medium difficultly if we have the right basic knowledge to break the labs and are attentive to all the details we find during the reconnaissance.
It’s available at TryHackMe for penetration testing practice. Today we’re going to solve another boot2root challenge called “Mnemonic “.